WE CLAIM: 

1. A secure component-based operating process including: 

(a) retrieving at least one component; 

(b) retrieving a record that specifies a component assembly; 

(c) checking said component and/or said record for validity; 

(d) using said component to form said component assembly 
in accordance with said record; and 

(e) performing a process based at least in part on said 
component assembly. 



1 2. A process as in claim 1 wherein said step (c) comprises 

2 executing said component assembly. 

1 3. A process as in claim 1 wherein said component 

2 comprises executable code. 

1 4. A process as in claim 1 wherein said component 

2 comprises a load module. 

1 5. A process as in claim 1 wherein: 

2 said record comprises: 

3 (i) directions for assembling said component 

4 assembly; and 

5 (ii) information that at least in part specifies a 

6 control; and 

7 said process further comprises controlling said step (d) 

8 and/or said step (e) based at least in part on said control. 

1 6. A process as in claim 1 wherein said component has a 

2 security wrapper, and said controlling step comprises selectively 
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3 opening said security wrapper based at least in part on said 

4 control. 

1 1. A process as in claim 1 wherein: 

2 . said permissions record includes at least one decryption key; 

3 and 

4 said controlling step includes controlling use of said 

5 decryption key. 

1 8, A process as in claim 1 including performing at least two 

2 of said steps (a) and (e) within a protected processing environment. 

1 9. A process as in claim 1 including performing at least two 

2 of said steps (a) and (e) at least in part within tamper-resistant 

3 hardware. 

1 10. A method as in claim 1 wherein said performing step (e) 

2 includes metering usage. 

1 11. A method as in claim 1 wherein said performing step (e) 

2 includes auditing usage. 
1 

1 12. A method as in claim 1 wherein said performing step (e) 

2 includes budgeting usage. 

1 13. A secure component operating system process including: 

2 receiving a component; 

3 ' receiving directions specifying use of said component to form 

4 a component assembly; 
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5 authenticating said received component and/or said 

6 directions; 

7 forming, using said component, said component assembly 

8 based at least in part on said received directions; and 

9 using said component assembly to perform at least one 
10 operation. 

1 14. A method comprising performing the following steps 

2 within a secure operating system environment: 

3 providing code; 

4 providing directions specifying assembly of said code into an 

5 executable program; 

6 checking said received code and/or said assembly directors 

7 for validity; and 

8 in response to occurrence of an event, assembling said code 

9 in accordance with said received assembly directions to form an 

10 assembly for execution. 

1 15. A method for managing at least one resource with a 

2 secure operating environment, said method comprising: 

3 securely receiving a first control from a first entity external 

4 to said operating environment; 

5 securely receiving a second control from a second entity 

6 external to said operating environment, said second entity being 

7 different from said first entity; 

8 securely processing, using at least one resource, a data item 

9 associated with said first and second controls; and 

10 securely applying said first and second controls to manage 

11 said resource for use with said data item. 



- 768 - 



1 16. A method for securely managing at least one operation 

2 on a data item perfonned at least in part by an electronic 

3 arrangement, said method comprising: 

4 (a) securely delivering a first procedure to said electronic 

5 arrangement; 

6 (b) securely delivering, to said electronic arrangement, a 

7 second procedure separable or separate from said first procedure; 

8 (c) performing at least one operation on said data item, 

9 including using said first and second procedures in combination to 

10 at least in part securely manage said operation; and 

11 (d) securely conditioning at least one aspect of use of said 

12 data item based on said delivering steps (a) and (b) having 

13 occurred. 

1 17. A method as in claim 16 including performing said 

2 delivering step (b) at a time different from the time said delivering 

3 step (a) is performed. 

1 18. A method as in claim 16 wherein said step (a) includes 

2 delivering said first procedure from a first source, and said step (b) 

3 includes delivering said second procedure from a second source 

4 different from said first source. 

1 19. A method as in claim 16 further including ensuring the 

2 integrity of said first and second procedures. 

1 20. A method as in claim 16 further including validating 

2 each of said -first and second procedures. 



- 769- 



21. A method as in claim 16 further including 
authenticating each of said first and second procedures. 

22. A method as in claim 16 wherein said using step (c) 
includes executing at least one of said first and second procedures 
within a tamper-resistant environment. 

23. A method as in claim 16 wherein said step (c) includes 
the step of controlling said data item with at least one of said first 
and second procedures. 

24. A method as in claim 16 further including establishing a 
relationship between at least one of said first and second 
procedures and said data item. 

25. A method as in claim 16 further including establishing 
correspondence between said data item and at least one of said 
first and second procedures. 

26. A method as in claim 16 wherein said delivering step (b) 
comprises delivering at least one load module encrypted at least in 
part. 

27. A method as in claim 26 wherein said delivering step (a) 
comprises delivering at least one further load module encrypted at 
least in part. 

28. A method as in claim 16 wherein said delivering step (b) 
comprises delivering at least one content container carrying at 
least in part encrypted control information. 
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1 29. A method as in claim 16 wherein said delivering step 

2 (b) comprises delivering a control method and at least one further 

3 method. 

1 30. A method as in claim 16 wherein said delivering step (a) 

2 includes: 

3 encrypting at least a portion of said first procedure, 

4 communicating said at least in part encrypted first 

5 * procedure to said electronic arrangement, 

6 decrypting at least a portion of said first procedure at least 

7 in part using said electronic arrangement, and 

8 validating said first procedure with said electronic 

9 arrangement. 

1 31. A method as in claim 16 wherein said delivering step (b) 

2 includes delivering at least one of said first and second procedures 

3 within an administrative object. 

1 32. A method as in claim 16 wherein said delivering step (b) 

2 includes codelivering said second procedure in at least in part 

3 encrypted form with said data item. 

1 33. A method as in claim 16 wherein said performing step 

2 includes metering usage. 

1 34. A method as in claim 16 wherein said performing step 

2 includes auditing usage. 

1 35. A method as in claim 16 wherein said performing step 

2 includes budgeting usage. 
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1 36. A method for securely managing at kast one operation 

2 performed at least in part by a secure electronic appliance, 

3 comprising: 

4 (a) selecting an item that is protected with respect to at 

5 least one operation; 

6 (b) securely independently delivering plural separate 

7 procedures to said electronic appliance; 

8 (c) using said plural separate procedures in combination to 

9 at least in part securely manage said operation with respect to 
10 said selected item; and 

n (d) conditioning successful completion of said operation on 

12 said delivering step (b) having occurred. 

1 37. A method for processing based on independent 

2 deliverables comprising: 

3 securely delivering a first piece of code defining a first part 

4 of a process; 

5 separately, securely delivering a second piece of code 

6 defining a second part of said process; 

7 ensuring the integrity of the first and second delivered 

8 pieces of code; and 

9 performing said process based at least in part on said first 

10 and second delivered code pieces. 

1 38. A method as in claim 37 wherein a first piece of code for 

2 said process at least in part controls decrypting content. 

1 39. A method as in claim 37 wherein said ensuring step 

2 includes validating said first and second pieces of code. 
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1 40. A method as in claim 37 wherein said ensuring step 

2 includes validating said first and second pieces of code relative to 

3 one another. 

1 41. A method as in claim 37 wherein said performing step 

2 includes metering usage. 

1 42. A method as in claim 37 wherein said performing step 

2 includes auditing activities. 

1 43. A method as in claim 37 wherein said performing step 

2 includes budgeting usage. 
3 

1 . 44. A method as in claim 37 wherein said performing step 

2 includes electronically processing content based on electronic 

3 controls. 

1 45. A method of securely controlling at least one protected 

2 operation with respect to a data item comprising: 

3 (a) supplying at least a first control from a first party; 

4 (b) supplying at least a second control from a second party 

5 different from said first party; 

6 (c) securely combining said first and second controls to form 
' 7 — a set of controls; 

8 (d) securely associating said control set with said data 

9 item; and 

10 (e) securely controlling at least one protected operation with 

11 respect to said data item based on said control set. 
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1 46. A method as in claim 45 wherein said data item is 

2 protected. 

1 47. A method as in claim 45 wherein at least one of said 

2 plural controls includes a control relating to metering at least one 

3 aspect of use of said protected data item. 

1 48. A method as in claim 45 wherein at least one of said 

2 plural controls include a control relating to budgeting at least one 

3 aspect of use of said protected data item. 

1 49. A secure method for combining data items into a 

2 composite data item comprising: 

3 (a) securely providing a first data item having at least a first 

4 control associated therewith; 

5 . (b) securely providing a second data item having at least a 

6 second control associated therewith; 

7 (c) forming a composite of said first and second data items; 

8 (d) securely combining said first and second controls into a 

9 composite control set; and 

10 (e) performing at least one operation on said composite of 

11 said first and second data items based at least in part on said 

12 composite control set. 

1 50. A method as in claim 49 wherein said combining step 

2 includes preserving each of said first and second controls in said 

3 composite set. 

1 51. A method as in claim 49 wherein said performing step 

2 comprises governing the operation on said composite of said first 
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3 . and second data items in accordance with said first control and 

4 said second control . 

1 52. A method as in claim 49 wherein said providing step 

2 includes ensuring the integrity of said association between said 

3 first controls and said first data item is maintained during at least 

4 one of transmission, storage and processing of said first data item. 

1 53. A method as in claim 49 wherein said providing step 

2 comprises delivering said first data item separately fronr said first 

3 control . 

1 54. A method as in claim 49 wherein said providing step 

2 comprises codelivering said first data item and said first control . 

1 55. A secure method for controlling a protected operation 

2 comprising: 

3 (a) delivering at least a first control and a second control; 

4 and 

5 (b) controlling at least one protected operation based at least 

6 in part on a combination of said first and second controls, 

7 including at least one of the following steps: 

8 resolving at least one conflict between said first and 

9 second controls based on a predefined order, 

10 providing an interaction with a user to form said 

11 combination; and 

12 dynamically negotating between said first and second 

13 controls. 
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1 56. A method as in claim 55 wherein said controlling step 

2 (b) includes controlling decryption of electronic content. 

1 57. A method as in claim 55 further including: 

2 receiving protected electronic content from a party; and 

3 authenticating the identity of said party prior to using said 

4 received protected electronic content. 

1 58. A secure method comprising: 

2 selecting protected data; 

3 extracting said protected data from an object; 

4 identifying at least one control to manage at least one aspect 

5 of use of said extracted data; 

6 placing said extracted data into a further object; and 

7 associating said at least one control with said further object. 

1 59. A method as in claim 58 further including limiting at 

2 least one aspect of use of said further object based on said at least 

3 one control. 

1 • 60. A secure method of modifying a protected object 

2 comprising: 

3 (a) providing a protected object; and 

4 (b) embedding at least one additional element into said 

5 protected object without unprotecting said object. 

1 61. A method as in claim 60 further including: 

2 associating at least one control with said object; and 

3 limiting usage of said element in accordance with said 

4 control. 
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1 62. A method as in claim 60 further including including a 

2 permissions record within said object. 

1 63. A method as in claim 61 further including at least in 

2 part encrypting said object. 

1 64. A method for managing at least one resource with a 

2 secure operating environment, said method comprising: 

3 * securely receiving a first load module from a first entity 

4 external to said operating environment; 

5 securely receiving a second load module from a second entity 

6 external to said operating environment, said second entity being 

7 different from said first entity; 

8 securely processing, using at least one resource, a data item 

9 associated with said first and second load modules; and 

10 securely applying said first and second load modules to 

11 manage said resource for use with said data item. 

1 65. A method for negotiating electronic contracts, 

2 comprising: 

3 receiving a first control set from a remote site; 

4 providing a second control set; 

5 performing, within a protected processing environment, an 

6 electronic negotiation between said first control set and said 

7 second control set, including providing interaction between said 

8 first and second control sets; and 

9 producing a negotiated control set resulting from said 
10 interaction between said first and second control sets. 

1 66. A system for supporting electronic commerce including: 
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2 means for creating a first secure control set at a first 

3 location; 

• 4 means for creating a second secure control set at a second 

5 location; 

6 means for securely communicating said first secure control 

7 set from said first location to said second location; and 

8 means at said second location for securely integrating said 

9 first and second control sets to produce at least a third control set 

10 comprising plural elements together comprising an electronic value 

11 chain extended agreement. 

1 67. A system for supporting electronic commerce including: 

2 means for creating a first secure control set at a first 

3 location; 

4 means for creating a second secure control set at a second 

5 location; 

6 means for securely communicating said first secure control 

7 set from said first location to said second location; and 

8 negotiation means at said second location for negotiating an 

9 electronic contract through secure execution of at least a portion of 

10 said first and second secure control sets. 

1 68. A system as in claim 67 further including means for 

2 controlling use by a user of protected information content based on 

3 at least a portion of said first and/or second control sets. 

1 69. A system as in claim 67 further including means for 

2 charging for at least a part of said content use. 

1 70. A secure component-based operating system including: 
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2 component retrieving means for retrieving at least one 

3 component; 

4 record retrieving means for retrieving a record that specifies 

5 a component assembly; 

6 checking means, coupled to said component retrieving means 

7 and said record retrieving means, for checking said component 

8 and/or said record for validity; 

9 using means, coupled to said checking means, for using said 

10 component to form said component assembly in accordance with 

11 said record; and 

12 performing means, coupled to said using means, for 

13 performing a process based at least in part on said component 

14 assembly. 

1 71. A secure component-based operating system including: 

2 a database manager that retrieves, from a secure database, 

3 at least one component and at least one record that specifies a 

4 component assembly; 

5 an authenticating manager that checks said component 

6 and/or said record for validity; 

7 a channel manager that uses said component to form said 

8 component assembly in accordance with said record; and 

9 an execution manager that performs a process based at least 

10 in part on said component assembly. 

1 72. A secure component operating system including: 

2 means for receiving a component; 

3 means for receiving directions specifying use of said 

4 component to form a component assembly; 
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5 means, coupled to said receiving means, for authenticating 

6 said received component and/or said directions; 

7 means, coupled to said authenticating means, for forming, 

8 using said component, said component assembly based at least in 

9 part on said received directions; and 

10 means, coupled to said forming means, for using said 

11 component assembly to perform at least one operation. 

1 73. A secure component operating environment including: 

2 a storage device that stores a component and directions 

3 specifying use of said component to form a component assembly; 

4 an authenticating manager that authenticates said 

5 component and/or said directions; 

6 a channel manager that forms, using said component, said 

7 component assembly based at least in part on said directions; and 

8 a channel that executes said component assembly to perform 

9 -u least one operation. 

1 74. A secure operating system environment comprising: 

2 a storage device that stores code and directors specifying 

3 assembly of said code into an executable program; 

4 a validating device that checks said received code and/or 

5 said assembly directors for validity; and 

6 an event-driven channel that, in response to occurrence of 
.7 an event, assembles said code in accordance with said assembly 
8 directions to form an assembly for execution. 

. 9 

1 75. A secure operating environment system for managing at 

2 least one resource comprising: 
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3 a communications arrangement that securely receives a first 

. 4 control from a first entity external to said operating environment, 

5 and securely receives a second control from a second entity 

6 external to said operating environment, said second entity being 

7 different from said first entity; and 

8 a protected processing environment, coupled to said 

9 communications arrangement, that: 

10 (a) securely processes, using at least one resource, a 

11 data item associated with said first and second controls, and 

12 (b) securely applies said first and second controls to 

13 manage said resource for use of said data item. 

1 76. A system for negotiating electronic contracts, 

2 comprising: 

3 a storage arrangement that that stores a first control set 

4 received from a remote site, and stores a second control set; 

5 a protected processing environment, coupled to said storage 

6 arrangement, that: 

7 (a) performs an electronic negotiation between 

8 said first control set and said second control set, 

9 (b) provides interaction between said first and 

10 second control sets, and 

11 (c) produces a negotiated control set resulting 

12 from said interaction between said first and second control sets. 

1 77. A system as in claim 76 further including means for 

2 electronically enforcing said negotiated control set. 
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1 78. A system as in claim 76 further including means for 

2 generating an electronic contract based on said negotiated control 

3 set. 

1 79. A method for supporting electronic commerce including: 

2 creating a first secure control set at a first location; 

3 creating a second secure control set at a second location; 

4 securely communicating said first secure control set from 

5 said first location to said second location; and 

6 electronically negotiating, at said second location, an 

7 electronic contract, including the step of securely executing at least 

8 a portion of said first and second secure control sets. 
9 

10 80. An electronic appliance comprising: 



a processor; and 

at least one memory device connected to said processor; 
wherein said processor includes: 

retrieving means for retrieving at least one 
component, and at least one record that specifies a component 
assembly, from said memory device, 

checking means coupled to said retrieving means for 
checking siad component and/or said record for validity, and 

using means coupled to said retrieving means for 
using said component to form said component assembly in 
accordance with said record. 

81. An electronic appliance comprising: 
at least one processor, 

at least one memory device connected to said processor; and 
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at least one input/output connection coupled to said 
processor, 

wherein said processor at least in part executes a rights 
operating system to provide a secure operating environment within 
said electronic appliance. 

82. An electronic appliance as in claim 81 wherein said 
processor includes means for providing a channel, said channel 
assembling independently deliverable components into a 
component assembly and executing said component assembly. 

83. An electronic appliance as in claim 81 further including 
a secondary storage device coupled to said processor, said 
secondary storage device storing a secure database, said processor 
including means for decryting information obtained from said 
secure database and for encrypting information to be written to 
said secure database. 

84. An electronic appliance as in claim 81 wherein said 
processor and said memory device are disposed in a secure, 
tamper-resistance encapsulation. 

85. An electronic appliance as in claim 81 wherein said 
processor includes a hardware encryptor/decryptor. 

86. An electronic appliance as in claim 81 wherein said 
processor includes a real time clock. 

87. An electronic appliance as in claim 81 wherein said 
processor includes a random number generator. 
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88. An electronic appliance as in claim 81 wherein said 
memory device stores audit information. 

89. A method for auditing the use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving a first control from a first entity external 
to said operating environment; 

securely receiving a second control from a second entity 
external to said operating environment, said second entity being 
different from said first entity; 

using at least one resource; 

securely sending to said first entity in accordance with said 
first control, first audit information concerning use of said 
resource; and 

securely sending to said second entity in accordance with 
said second control, second audit information concerning use of 
said resource, said second audit information being at least in part 
different from said first audit information. 

90. A method for auditing the use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving first and second control alternatives from 
an entity external to said operating environment; 

selecting one of said first and second control alternatives; 
using at least one resource; 

if said first control alternative is selected by said selecting 
step, securely sending to said entity in accordance with said first 
control alternative, first audit information concerning use of said 
resource; and 
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if said second control alternative is selected by said selecting 
step, securely sending to said second entity in accordance with 
said second control alternative, second audit information 
concerning use of said resource, said second audit information 
being at least in part different from said first audit information. 
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